The deadline to comply with GDPR has passed (5/25/18). As most know, if your business is audited and found to be irresponsible with its customer data, according to GDPR regulations, fines are up to €20 million, or four percent of worldwide annual revenue. Moreover, GDPR does not just apply to EU companies; it extends to all those that process the data of EU residents.
The regulation is no joke. Activist groups, already outraged by how many companies have misused personal information, have called out giants like Facebook and Google for not creating tight enough protocol. If these titans, with cutting-edge resources at their fingertips, are struggling to adhere to the new law, how can small and medium-sized teams make sure their operations are efficient, secure, and worthy of their customers?
Amid a variety of strategies to bring your company into compliance, specific tools can make this process less arduous and complicated by targeting several pain points at once.
Start With a Checklist
Before diving into tools to help you comply with specific parts of GDPR, it's important to keep the overall picture in mind.
A team from Belgium created a handy checklist that you can use as a guide throughout the process. It covers outlining the type of data your company holds, where, and why; the creation of a clear accountability and management policy for it, including your contracts with sub-processors; making the data clearly accessible to customers; new consent guidelines; and understanding what to do in special cases with high-risk data.
For example, a breakdown of the level of detail that the checklist goes into to make sure you account for each important part of the regulation is below in its first section, “Your Data.”
The list is interactive, so you can check off each task once it's completed in the circle on the left. If you're looking for more information on a particular bullet, you can use the drop down arrows for a longer description and links to further resources.
1. Improve Your Data Collection with Social Login
Social login is a single sign-on for end users that relies on existing information from a social network provider like Facebook, Google, or LinkedIn. This not only makes the registration process smoother for the customer, reducing onboarding friction and keeping them coming back over time, but also adds an additional layer of security to the information they provide.
A customer will see this screen when they log in to your app:
Whichever social provider you've selected for the app will appear as an option for the customer up top, often along with the chance to choose email sign-in.
On the back end with Auth0's social login feature, your team is able to choose from over thirty providers.
If you're an e-commerce site, you might offer the chance to sign in with payment apps like PayPal, while a career platform might select LinkedIn. In each case, your team has the opportunity to view the public information that your customers have already shared on these apps. Since, in most instances, these apps have authenticated their users, incorporating social login into your operations helps ensure that the information you're pulling is authentic and up-to-date.
Social login keeps your customer data organized in a single location from the start. This is key to all other facets of aligning with GDPR regulation. Being able to quickly recall and make changes to this data will set you up for success going forward.
2. Manage Your Users With Auth0's User Dashboard
Auth0's user dashboard is a centralized view that clarifies in real-time who is accessing your customers' information, how, from where, and using what device.
Administrators can rapidly scroll through current users for context (name, picture, and outside affiliation if they are a consultant or third party).
Clicking on a particular user will enlarge their profile to provide an even richer view of details, including: their contact information; which sites they are working on; which devices they are using to do so; and a history of all prior activity in your system.
From here, it's simple to block anyone that is suspicious or not acting appropriately. It's difficult to understand how important this tool can be if you are assessed for GDPR compliance. It gives you a comprehensive understanding and clearly documented approach to track and control anyone touching the data of your end users. The user dashboard is more advanced than the manual methods that many teams are currently using to track this, such as adding information to spreadsheets.
The dashboard can help a team understand trends, set clear policies for its users, quickly communicate its process to customers, and facilitate customers that wish to access, modify, move, or delete their data.
3. Manage Your Workflow With Airtable
To organize your team, it could be useful to move your GDPR checklist into a workflow tool like Airtable to track who will complete each task, by when, and note additional important details.
For any major project like this, you can assign portions to individual teammates, set due dates, and customize it with notes.
(Source)
Airtable is far more than a black-and-white spreadsheet; it allows people who are more visual to upload photos for a multi-dimensional view. For example, if administrators are working through particular use cases, they can add screenshots to better explain processes or highlight any issues as they arise.
The comprehensive abilities of Airtable allow for a clarity and depth of understanding of the nuances of complex projects like an operations overhaul or revamping IT policies to align with GDPR. Having everything specifically documented in this tool can allow you to quickly pull and analyze information in preparation for an audit.
Other workflow tools that could help include Asana (particularly helpful if a great calendar view is needed) and Trello (better for hitting the major points if your team is expert and well versed in GDPR details).
It's Not Too Late to Comply!
Despite being past the deadline, your team still has time and tools at your fingertips to quickly get up to speed. Taking advantage of the tools above will make the transformation more efficient, transparent, and potentially even enjoyable as you uncover ways to better support your customers (e.g., creating a smoother onboarding experience) in addition to providing exceptional security.
About the author
Diego Poza
Sr Manager, Developer Advocacy